ISO 22301

Business continuity management systems

"By failing to prepare you are preparing to fail" - Benjamin Franklin

Business continuity is the concept that requires organizations to identify potential threats and the impacts those threats might have on business operations if realized, and to plan and implement actions to ensure that critical business functions either continue operating during serious incidents or can be recovered to an operational state within a reasonable period.

The concept of business continuity includes three key elements: resilience (critical business functions and the supporting infrastructure are designed and engineered in such a way that they are materially unaffected by most disruptions); recovery (arrangements to recover or restore critical and less critical business functions that fail for some reason); and contingency (a generalized capability and readiness to cope effectively with whatever major incidents and disasters occur; contingency preparations are a last-resort response, used only if resilience and recovery arrangements prove inadequate). (Wikipedia)

In short, business continuity is about being responsible and taking care that the business can survive and stay on course in case of incidents.

ISO 22301 was launched in 2012, when it replaced the BS 25999-2 standard. It defines the requirements for a business continuity management system and can be used as a tool by any organization, regardless of its size or activity.

Among other elements, the standard requires organizations to perform a business impact analysis and understand how their business may be affected by disruption; to evaluate the risks associated with disruptive events; and to develop a business continuity strategy and procedures that are tested periodically and improved where necessary.

An incident response structure is also required, so that when incidents occur, the people with business continuity responsibilities can act in a timely and efficient manner.

ISO 22301 uses the Plan-Do-Check-Act model and can be implemented and certified independently or together with other management system standards; ISO/IEC 27001, ISO 9001, OHSAS 18001 and ISO 14001 are among the most popular choices.